From owner-freebsd-current Sat Mar 20 21:19:10 1999 Delivered-To: freebsd-current@freebsd.org Received: from horst.bfd.com (horst.bfd.com [12.9.219.10]) by hub.freebsd.org (Postfix) with ESMTP id AE67D14E20 for ; Sat, 20 Mar 1999 21:19:08 -0800 (PST) (envelope-from ejs@bfd.com) Received: from HARLIE.bfd.com (bastion.bfd.com [12.9.219.14]) by horst.bfd.com (8.9.2/8.9.1) with ESMTP id VAA62032; Sat, 20 Mar 1999 21:18:49 -0800 (PST) (envelope-from ejs@bfd.com) Date: Sat, 20 Mar 1999 21:18:49 -0800 (PST) From: "Eric J. Schwertfeger" To: current@FreeBSD.ORG Cc: donegan@quick.net Subject: Re: IPSEC support? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > Is there any IPSEC support available for current? I've found support for > 2.2.8, but not so far for current. KAME has support for 3.1-RELEASE. I don't know how far -current has diverged, but you might want to try www.kame.net. KAME is IP6 and IPSEC, but you can compile it with only IPSEC. You should note that KAME and the IPDIVERT option are mutually exclusive, unless they've fixed it in the last week (snaps come out Sunday/Monday and I haven't had the chance to test the last snap). If all else fails, you can hack up something using IPDIVERT that does ESP transport in userspace (not full IPSEC) in a weekend. At least that's how long it took me. The code is not ready to be released, and I'm not sure I want to go through the hassle of trying to export-control it at any rate (US citizen vs government stupidity). (ref the not full IPSEC, RFC2401 just came out a few months ago, is three times the size of the previous IPSEC RFC (1825), and mandates a lot of things that I'm not ready to start coding). To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message